fix CHANGES

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index d6ad39f95ee1a8a3ee08a705c9600582b1b0c8b7..04b14bda8c168e3b50f777bf75b4d8d15f55a0c0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -255,6 +255,30 @@
   
  Changes between 1.0.0f and 1.0.1  [xx XXX xxxx]
 
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+       - x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+       - x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+       - x86_64:       bit-sliced AES implementation;
+       - ARM:          NEON support, contemporary platforms optimizations;
+       - s390x:        z196 support;
+       - *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
+  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+     (removal of unnecessary code)
+     [Peter Sylvester <peter.sylvester@edelweb.fr>]
+
   *) Add -attime option to openssl utilities.
      [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
 
@@ -472,9 +496,6 @@
   *) Add SRP support.
      [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
 
-  *) Add -attime option to openssl verify.
-     [Peter Eckersley <pde@eff.org> and Ben Laurie]
-
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]
 
@@ -502,6 +523,17 @@
 
  Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
 
+  *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
+     [Adam Langley (Google)]
+
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich@gmail.com>]
+
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
+
   *) Fix ssl_ciph.c set-up race.
      [Adam Langley (Google)]